Merge branch 'develop' into main

clemlesne · Apr 13, 2023 · 3a6d578 · 3a6d578
2 parents 5f6c6ed + 473ac69
commit 3a6d578
Show file tree

Hide file tree

Showing 10 changed files with 108 additions and 78 deletions.
diff --git a/.github/workflows/pipeline.yaml b/.github/workflows/pipeline.yaml
@@ -20,21 +20,21 @@ env:
   CONTAINER_NAME: ${{ github.repository }}
   CONTAINER_REGISTRY: ghcr.io
   # https://github.com/microsoft/azure-pipelines-agent/releases
-  AGENT_VERSION: 3.218.0
+  AZP_AGENT_VERSION: 3.218.0
   # https://github.com/PowerShell/PowerShell/releases
   POWERSHELL_VERSION: 7.2.10
   # https://github.com/krallin/tini/releases
   TINI_VERSION: 0.19.0
   # https://github.com/mikefarah/yq/releases
-  YQ_VERSION: 4.33.2
+  YQ_VERSION: 4.33.3
   # https://go.dev/dl
   GO_VERSION: 1.20.3
   # https://github.com/rootless-containers/rootlesskit/releases
   ROOTLESSKIT_VERSION: 1.1.0
   # https://github.com/moby/buildkit/releases
   BUILDKIT_VERSION: 0.11.5
-  # https://github.com/shadow-maint/shadow/releases
-  SHADOW_VERSION: 4.12.3
+  # https://github.com/Azure/azure-cli/releases
+  AZURE_CLI_VERSION: 2.47.0
 
 jobs:
   build-helm:
@@ -67,7 +67,7 @@ jobs:
           cp README.md src/helm/azure-pipelines-agent/
 
           helm package \
-            --app-version ${{ env.AGENT_VERSION }} \
+            --app-version ${{ env.AZP_AGENT_VERSION }} \
             --destination .cr-release-packages \
             --key 'Clémence Lesné' \
             --keyring keyring.gpg \
@@ -194,12 +194,12 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           build-args: |
-            "AGENT_VERSION=${{ env.AGENT_VERSION }}"
+            "AZP_AGENT_VERSION=${{ env.AZP_AGENT_VERSION }}"
+            "AZURE_CLI_VERSION=${{ env.AZURE_CLI_VERSION }}"
             "BUILDKIT_VERSION=${{ env.BUILDKIT_VERSION }}"
             "GO_VERSION=${{ env.GO_VERSION }}"
             "POWERSHELL_VERSION=${{ env.POWERSHELL_VERSION }}"
             "ROOTLESSKIT_VERSION=${{ env.ROOTLESSKIT_VERSION }}"
-            "SHADOW_VERSION=${{ env.SHADOW_VERSION }}"
             "TINI_VERSION=${{ env.TINI_VERSION }}"
             "YQ_VERSION=${{ env.YQ_VERSION }}"
           cache-from: type=gha

diff --git a/README.md b/README.md
@@ -64,7 +64,7 @@ helm upgrade --install agent clemlesne-azure-pipelines-agent/azure-pipelines-age
 
 ### Provided software
 
-- [Azure Pipelines agent](https://github.com/microsoft/azure-pipelines-agent) (see env var `AGENT_VERSION` on the container images) + [requirements](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops#linux)
+- [Azure Pipelines agent](https://github.com/microsoft/azure-pipelines-agent) (see env var `AZP_AGENT_VERSION` on the container images) + [requirements](https://learn.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops#linux)
 - [ASP.NET Core](https://github.com/dotnet/aspnetcore) runtime (required by the Azure Pipelines agent)
 - [Azure CLI](https://github.com/Azure/azure-cli) (required by the Azure Pipelines agent) + requirements ([Python 3.8](https://www.python.org/downloads/release/python-380), [Python 3.9](https://www.python.org/downloads/release/python-390), [Python 3.10](https://www.python.org/downloads/release/python-3100), depending of the system, plus C/Rust build tools for libs non pre-built on the platforms)
 - [Powershell](https://github.com/PowerShell/PowerShell), [bash](https://www.gnu.org/software/bash) and [zsh](https://www.zsh.org) (for inter-operability)

diff --git a/example/helm/container-build.yaml b/example/helm/container-build.yaml
@@ -27,3 +27,7 @@ pipelines:
   pat: your-pat
   pool: private_kube
   url: https://dev.azure.com/shopping-cart-devops-demo
+
+image:
+  # Ubuntu 22.04 use Kernel v5.15, more performant than the v5.10 in Debian 11
+  flavor: jammy
diff --git a/src/docker/Dockerfile-bullseye b/src/docker/Dockerfile-bullseye
@@ -2,6 +2,10 @@ FROM mcr.microsoft.com/dotnet/aspnet:6.0-bullseye-slim as base
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Configure local user
+ENV USER root
+ENV HOME /home/${USER}
+
 # Install:
 # - Azure Pipelines agent system requirements
 # - zsh, for inter-operability
@@ -28,16 +32,17 @@ RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked --mount=target=/
         jq \
         libffi-dev \
         libssl-dev \
+        libssl1.1 \
         lsb-release \
         make \
         pkg-config \
         python3-dev=3.9.* \
-        uidmap \
         python3-pip \
         python3=3.9.* \
         software-properties-common \
         sudo \
         tar \
+        uidmap \
         unzip \
         wget \
         zip \
@@ -72,8 +77,10 @@ RUN git clone --depth 1 --branch v${ROOTLESSKIT_VERSION} https://github.com/root
 FROM base
 
 # Install Azure CLI, then verify installation
+ARG AZURE_CLI_VERSION
+ENV AZURE_CLI_VERSION ${AZURE_CLI_VERSION}
 RUN python3 -m pip install --upgrade pip setuptools wheel \
-    && python3 -m pip install azure-cli \
+    && python3 -m pip install "azure-cli==${AZURE_CLI_VERSION}" \
     && az --version
 
 # Install Powershell, then verify installation
@@ -116,21 +123,21 @@ RUN rootlesskit --version \
     && rootlessctl --version
 
 # Install Azure Pipelines Agent sources, then verify installation
-ARG AGENT_VERSION
-ENV AGENT_VERSION ${AGENT_VERSION}
-ENV AGENT_HOME ${HOME}/azp
-RUN mkdir -p ${AGENT_HOME} \
-    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AGENT_VERSION}.tar.gz | tar -xz -C ${AGENT_HOME} \
-    && cd $AGENT_HOME \
+ARG AZP_AGENT_VERSION
+ENV AZP_AGENT_VERSION ${AZP_AGENT_VERSION}
+ENV AZP_HOME ${HOME}/azp-agent
+RUN mkdir -p ${AZP_HOME} \
+    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AZP_AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AZP_AGENT_VERSION}.tar.gz | tar -xz -C ${AZP_HOME} \
+    && cd $AZP_HOME \
     && chmod +x run-docker.sh config.sh \
     && AGENT_ALLOW_RUNASROOT="1" bash run-docker.sh --version
+ENV AZP_WORK ${HOME}/azp-work
+VOLUME ${AZP_WORK}
 
 # Cleanup helper script
 RUN rm arch.sh
 
 # Configure local user
-ENV USER root
-ENV HOME /home/${USER}
 RUN mkdir -p /run/${USER}/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \
     && chown -R ${USER} /run/${USER}/0 ${HOME} \
     && echo ${USER}:100000:65536 | tee /etc/subuid | tee /etc/subgid
@@ -141,6 +148,6 @@ ENV BUILDKIT_HOST=unix:///run/${USER}/0/buildkit/buildkitd.sock
 VOLUME ${HOME}/.local/share/buildkit
 
 # Install Azure Pipelines Agent startup script
-COPY start.sh ${AGENT_HOME}
-RUN chmod +x ${AGENT_HOME}/start.sh
-CMD bash ${AGENT_HOME}/start.sh
+COPY start.sh ${AZP_HOME}
+RUN chmod +x ${AZP_HOME}/start.sh
+CMD bash ${AZP_HOME}/start.sh
diff --git a/src/docker/Dockerfile-focal b/src/docker/Dockerfile-focal
@@ -2,6 +2,10 @@ FROM mcr.microsoft.com/dotnet/aspnet:6.0-focal as base
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Configure local user
+ENV USER root
+ENV HOME /home/${USER}
+
 # Install:
 # - Azure Pipelines agent system requirements
 # - zsh, for inter-operability
@@ -27,6 +31,7 @@ RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked --mount=target=/
         jq \
         libffi-dev \
         libssl-dev \
+        libssl1.1 \
         lsb-release \
         make \
         pkg-config \
@@ -71,8 +76,10 @@ RUN git clone --depth 1 --branch v${ROOTLESSKIT_VERSION} https://github.com/root
 FROM base
 
 # Install Azure CLI, then verify installation
+ARG AZURE_CLI_VERSION
+ENV AZURE_CLI_VERSION ${AZURE_CLI_VERSION}
 RUN python3 -m pip install --upgrade pip setuptools wheel \
-    && python3 -m pip install azure-cli \
+    && python3 -m pip install "azure-cli==${AZURE_CLI_VERSION}" \
     && az --version
 
 # Install Powershell, then verify installation
@@ -115,21 +122,21 @@ RUN rootlesskit --version \
     && rootlessctl --version
 
 # Install Azure Pipelines Agent sources, then verify installation
-ARG AGENT_VERSION
-ENV AGENT_VERSION ${AGENT_VERSION}
-ENV AGENT_HOME ${HOME}/azp
-RUN mkdir -p ${AGENT_HOME} \
-    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AGENT_VERSION}.tar.gz | tar -xz -C ${AGENT_HOME} \
-    && cd $AGENT_HOME \
+ARG AZP_AGENT_VERSION
+ENV AZP_AGENT_VERSION ${AZP_AGENT_VERSION}
+ENV AZP_HOME ${HOME}/azp-agent
+RUN mkdir -p ${AZP_HOME} \
+    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AZP_AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AZP_AGENT_VERSION}.tar.gz | tar -xz -C ${AZP_HOME} \
+    && cd $AZP_HOME \
     && chmod +x run-docker.sh config.sh \
     && AGENT_ALLOW_RUNASROOT="1" bash run-docker.sh --version
+ENV AZP_WORK ${HOME}/azp-work
+VOLUME ${AZP_WORK}
 
 # Cleanup helper script
 RUN rm arch.sh
 
 # Configure local user
-ENV USER root
-ENV HOME /home/${USER}
 RUN mkdir -p /run/${USER}/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \
     && chown -R ${USER} /run/${USER}/0 ${HOME} \
     && echo ${USER}:100000:65536 | tee /etc/subuid | tee /etc/subgid
@@ -140,6 +147,6 @@ ENV BUILDKIT_HOST=unix:///run/${USER}/0/buildkit/buildkitd.sock
 VOLUME ${HOME}/.local/share/buildkit
 
 # Install Azure Pipelines Agent startup script
-COPY start.sh ${AGENT_HOME}
-RUN chmod +x ${AGENT_HOME}/start.sh
-CMD bash ${AGENT_HOME}/start.sh
+COPY start.sh ${AZP_HOME}
+RUN chmod +x ${AZP_HOME}/start.sh
+CMD bash ${AZP_HOME}/start.sh
diff --git a/src/docker/Dockerfile-jammy b/src/docker/Dockerfile-jammy
@@ -2,6 +2,10 @@ FROM mcr.microsoft.com/dotnet/aspnet:6.0-jammy as base
 
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Configure local user
+ENV USER root
+ENV HOME /home/${USER}
+
 # Install:
 # - Azure Pipelines agent system requirements
 # - zsh, for inter-operability
@@ -27,6 +31,7 @@ RUN --mount=target=/var/lib/apt/lists,type=cache,sharing=locked --mount=target=/
         jq \
         libffi-dev \
         libssl-dev \
+        libssl3 \
         lsb-release \
         make \
         pkg-config \
@@ -71,8 +76,10 @@ RUN git clone --depth 1 --branch v${ROOTLESSKIT_VERSION} https://github.com/root
 FROM base
 
 # Install Azure CLI, then verify installation
+ARG AZURE_CLI_VERSION
+ENV AZURE_CLI_VERSION ${AZURE_CLI_VERSION}
 RUN python3 -m pip install --upgrade pip setuptools wheel \
-    && python3 -m pip install azure-cli \
+    && python3 -m pip install "azure-cli==${AZURE_CLI_VERSION}" \
     && az --version
 
 # Install Powershell, then verify installation
@@ -115,21 +122,21 @@ RUN rootlesskit --version \
     && rootlessctl --version
 
 # Install Azure Pipelines Agent sources, then verify installation
-ARG AGENT_VERSION
-ENV AGENT_VERSION ${AGENT_VERSION}
-ENV AGENT_HOME ${HOME}/azp
-RUN mkdir -p ${AGENT_HOME} \
-    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AGENT_VERSION}.tar.gz | tar -xz -C ${AGENT_HOME} \
-    && cd $AGENT_HOME \
+ARG AZP_AGENT_VERSION
+ENV AZP_AGENT_VERSION ${AZP_AGENT_VERSION}
+ENV AZP_HOME ${HOME}/azp-agent
+RUN mkdir -p ${AZP_HOME} \
+    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AZP_AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AZP_AGENT_VERSION}.tar.gz | tar -xz -C ${AZP_HOME} \
+    && cd $AZP_HOME \
     && chmod +x run-docker.sh config.sh \
     && AGENT_ALLOW_RUNASROOT="1" bash run-docker.sh --version
+ENV AZP_WORK ${HOME}/azp-work
+VOLUME ${AZP_WORK}
 
 # Cleanup helper script
 RUN rm arch.sh
 
 # Configure local user
-ENV USER root
-ENV HOME /home/${USER}
 RUN mkdir -p /run/${USER}/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \
     && chown -R ${USER} /run/${USER}/0 ${HOME} \
     && echo ${USER}:100000:65536 | tee /etc/subuid | tee /etc/subgid
@@ -140,6 +147,6 @@ ENV BUILDKIT_HOST=unix:///run/${USER}/0/buildkit/buildkitd.sock
 VOLUME ${HOME}/.local/share/buildkit
 
 # Install Azure Pipelines Agent startup script
-COPY start.sh ${AGENT_HOME}
-RUN chmod +x ${AGENT_HOME}/start.sh
-CMD bash ${AGENT_HOME}/start.sh
+COPY start.sh ${AZP_HOME}
+RUN chmod +x ${AZP_HOME}/start.sh
+CMD bash ${AZP_HOME}/start.sh
diff --git a/src/docker/Dockerfile-ubi8 b/src/docker/Dockerfile-ubi8
@@ -1,5 +1,9 @@
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.7 as base
 
+# Configure local user
+ENV USER root
+ENV HOME /home/${USER}
+
 # Install:
 # - Azure Pipelines agent system requirements
 # - Azure CLI system requirements (Python 3.9, plus C/Rust build tools for libs non pre-built on this platform)
@@ -12,6 +16,7 @@ RUN --mount=target=/var/cache/yum,type=cache,sharing=locked \
         aspnetcore-runtime-6.0 \
         ca-certificates \
         cargo \
+        compat-openssl10 \
         curl \
         fuse-overlayfs \
         gcc \
@@ -26,11 +31,12 @@ RUN --mount=target=/var/cache/yum,type=cache,sharing=locked \
         jq \
         make \
         openssl-devel \
+        openssl-libs \
         pkg-config \
         python39 \
-        shadow-utils \
         python39-devel \
         python39-pip \
+        shadow-utils \
         sudo \
         tar \
         unzip \
@@ -67,8 +73,10 @@ RUN git clone --depth 1 --branch v${ROOTLESSKIT_VERSION} https://github.com/root
 FROM base
 
 # Install Azure CLI, then verify installation
+ARG AZURE_CLI_VERSION
+ENV AZURE_CLI_VERSION ${AZURE_CLI_VERSION}
 RUN python3 -m pip install --upgrade pip setuptools wheel \
-    && python3 -m pip install azure-cli \
+    && python3 -m pip install "azure-cli==${AZURE_CLI_VERSION}" \
     && az --version
 
 # Install Powershell, then verify installation
@@ -111,21 +119,21 @@ RUN rootlesskit --version \
     && rootlessctl --version
 
 # Install Azure Pipelines Agent sources, then verify installation
-ARG AGENT_VERSION
-ENV AGENT_VERSION ${AGENT_VERSION}
-ENV AGENT_HOME ${HOME}/azp
-RUN mkdir -p ${AGENT_HOME} \
-    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AGENT_VERSION}.tar.gz | tar -xz -C ${AGENT_HOME} \
-    && cd $AGENT_HOME \
+ARG AZP_AGENT_VERSION
+ENV AZP_AGENT_VERSION ${AZP_AGENT_VERSION}
+ENV AZP_HOME ${HOME}/azp-agent
+RUN mkdir -p ${AZP_HOME} \
+    && curl -LsSf https://vstsagentpackage.azureedge.net/agent/${AZP_AGENT_VERSION}/pipelines-agent-linux-$(bash arch.sh)-${AZP_AGENT_VERSION}.tar.gz | tar -xz -C ${AZP_HOME} \
+    && cd $AZP_HOME \
     && chmod +x run-docker.sh config.sh \
     && AGENT_ALLOW_RUNASROOT="1" bash run-docker.sh --version
+ENV AZP_WORK ${HOME}/azp-work
+VOLUME ${AZP_WORK}
 
 # Cleanup helper script
 RUN rm arch.sh
 
 # Configure local user
-ENV USER root
-ENV HOME /home/${USER}
 RUN mkdir -p /run/${USER}/0 ${HOME}/.local/tmp ${HOME}/.local/share/buildkit \
     && chown -R ${USER} /run/${USER}/0 ${HOME} \
     && echo ${USER}:100000:65536 | tee /etc/subuid | tee /etc/subgid
@@ -136,6 +144,6 @@ ENV BUILDKIT_HOST=unix:///run/${USER}/0/buildkit/buildkitd.sock
 VOLUME ${HOME}/.local/share/buildkit
 
 # Install Azure Pipelines Agent startup script
-COPY start.sh ${AGENT_HOME}
-RUN chmod +x ${AGENT_HOME}/start.sh
-CMD bash ${AGENT_HOME}/start.sh
+COPY start.sh ${AZP_HOME}
+RUN chmod +x ${AZP_HOME}/start.sh
+CMD bash ${AZP_HOME}/start.sh
diff --git a/src/docker/start.sh b/src/docker/start.sh
@@ -26,8 +26,9 @@ if [ -z "$AZP_AGENT_NAME" ]; then
   exit 1
 fi
 
-if [ -n "$AZP_WORK" ]; then
-  mkdir -p "$AZP_WORK"
+if [ ! -w "$AZP_WORK" ]; then
+  echo 1>&2 "error: work dir AZP_WORK (${AZP_WORK}) is not writeable or does not exist"
+  exit 1
 fi
 
 print_header() {